1 /* 2 * dhcpcd - DHCP client daemon 3 * Copyright (c) 2006-2018 Roy Marples <roy@marples.name> 4 * All rights reserved 5 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/param.h> 29 #include <sys/types.h> 30 #include <sys/socket.h> 31 #include <sys/stat.h> 32 33 #include <net/if.h> 34 #include <net/route.h> 35 #include <netinet/in.h> 36 #include <netinet/if_ether.h> 37 38 #include "config.h" 39 40 #ifdef HAVE_SYS_BITOPS_H 41 #include <sys/bitops.h> 42 #else 43 #include "compat/bitops.h" 44 #endif 45 46 #ifdef BSD 47 /* Purely for the ND6_IFF_AUTO_LINKLOCAL #define which is solely used 48 * to generate our CAN_ADD_LLADDR #define. */ 49 # include <netinet6/in6_var.h> 50 # include <netinet6/nd6.h> 51 #endif 52 53 #include <errno.h> 54 #include <ifaddrs.h> 55 #include <inttypes.h> 56 #include <stdlib.h> 57 #include <string.h> 58 #include <unistd.h> 59 60 #define ELOOP_QUEUE 7 61 #include "common.h" 62 #include "if.h" 63 #include "dhcpcd.h" 64 #include "dhcp6.h" 65 #include "eloop.h" 66 #include "ipv6.h" 67 #include "ipv6nd.h" 68 #include "logerr.h" 69 #include "sa.h" 70 #include "script.h" 71 72 #ifdef HAVE_MD5_H 73 # ifndef DEPGEN 74 # include <md5.h> 75 # endif 76 #endif 77 78 #ifdef SHA2_H 79 # include SHA2_H 80 #endif 81 82 #ifndef SHA256_DIGEST_LENGTH 83 # define SHA256_DIGEST_LENGTH 32 84 #endif 85 86 #if 0 /* XXX: suppress the warning as dfly currently doesn't support it */ 87 #ifdef IPV6_POLLADDRFLAG 88 # warning kernel does not report IPv6 address flag changes 89 # warning polling tentative address flags periodically 90 #endif 91 #endif 92 93 /* Hackery at it's finest. */ 94 #ifndef s6_addr32 95 # ifdef __sun 96 # define s6_addr32 _S6_un._S6_u32 97 # else 98 # define s6_addr32 __u6_addr.__u6_addr32 99 # endif 100 #endif 101 102 #if defined(HAVE_IN6_ADDR_GEN_MODE_NONE) || defined(ND6_IFF_AUTO_LINKLOCAL) || \ 103 defined(IFF_NOLINKLOCAL) 104 /* Only add the LL address if we have a carrier, so DaD works. */ 105 #define CAN_ADD_LLADDR(ifp) \ 106 (!((ifp)->options->options & DHCPCD_LINK) || (ifp)->carrier != LINK_DOWN) 107 #ifdef __sun 108 /* Although we can add our own LL address, we cannot drop it 109 * without unplumbing the if which is a lot of code. 110 * So just keep it for the time being. */ 111 #define CAN_DROP_LLADDR(ifp) (0) 112 #else 113 #define CAN_DROP_LLADDR(ifp) (1) 114 #endif 115 #else 116 /* We have no control over the OS adding the LLADDR, so just let it do it 117 * as we cannot force our own view on it. */ 118 #define CAN_ADD_LLADDR(ifp) (0) 119 #define CAN_DROP_LLADDR(ifp) (0) 120 #endif 121 122 #ifdef IPV6_MANAGETEMPADDR 123 static void ipv6_regentempifid(void *); 124 static void ipv6_regentempaddr(void *); 125 #else 126 #define ipv6_regentempifid(a) {} 127 #endif 128 129 int 130 ipv6_init(struct dhcpcd_ctx *ctx) 131 { 132 133 if (ctx->sndhdr.msg_iovlen == 1) 134 return 0; 135 136 if (ctx->ra_routers == NULL) { 137 ctx->ra_routers = malloc(sizeof(*ctx->ra_routers)); 138 if (ctx->ra_routers == NULL) 139 return -1; 140 } 141 TAILQ_INIT(ctx->ra_routers); 142 143 ctx->sndhdr.msg_namelen = sizeof(struct sockaddr_in6); 144 ctx->sndhdr.msg_iov = ctx->sndiov; 145 ctx->sndhdr.msg_iovlen = 1; 146 ctx->sndhdr.msg_control = ctx->sndbuf; 147 ctx->sndhdr.msg_controllen = sizeof(ctx->sndbuf); 148 ctx->rcvhdr.msg_name = &ctx->from; 149 ctx->rcvhdr.msg_namelen = sizeof(ctx->from); 150 ctx->rcvhdr.msg_iov = ctx->iov; 151 ctx->rcvhdr.msg_iovlen = 1; 152 ctx->rcvhdr.msg_control = ctx->ctlbuf; 153 // controllen is set at recieve 154 //ctx->rcvhdr.msg_controllen = sizeof(ctx->rcvbuf); 155 156 ctx->nd_fd = -1; 157 ctx->dhcp6_fd = -1; 158 return 0; 159 } 160 161 static ssize_t 162 ipv6_readsecret(struct dhcpcd_ctx *ctx) 163 { 164 FILE *fp; 165 char line[1024]; 166 unsigned char *p; 167 size_t len; 168 uint32_t r; 169 int x; 170 171 if ((ctx->secret_len = read_hwaddr_aton(&ctx->secret, SECRET)) != 0) 172 return (ssize_t)ctx->secret_len; 173 174 if (errno != ENOENT) 175 logerr("%s: %s", __func__, SECRET); 176 177 /* Chaining arc4random should be good enough. 178 * RFC7217 section 5.1 states the key SHOULD be at least 128 bits. 179 * To attempt and future proof ourselves, we'll generate a key of 180 * 512 bits (64 bytes). */ 181 if (ctx->secret_len < 64) { 182 if ((ctx->secret = malloc(64)) == NULL) { 183 logerr(__func__); 184 return -1; 185 } 186 ctx->secret_len = 64; 187 } 188 p = ctx->secret; 189 for (len = 0; len < 512 / NBBY; len += sizeof(r)) { 190 r = arc4random(); 191 memcpy(p, &r, sizeof(r)); 192 p += sizeof(r); 193 } 194 195 /* Ensure that only the dhcpcd user can read the secret. 196 * Write permission is also denied as chaning it would remove 197 * it's stability. */ 198 if ((fp = fopen(SECRET, "w")) == NULL || 199 chmod(SECRET, S_IRUSR) == -1) 200 goto eexit; 201 x = fprintf(fp, "%s\n", 202 hwaddr_ntoa(ctx->secret, ctx->secret_len, line, sizeof(line))); 203 if (fclose(fp) == EOF) 204 x = -1; 205 fp = NULL; 206 if (x > 0) 207 return (ssize_t)ctx->secret_len; 208 209 eexit: 210 logerr("%s: %s", __func__, SECRET); 211 if (fp != NULL) 212 fclose(fp); 213 unlink(SECRET); 214 ctx->secret_len = 0; 215 return -1; 216 } 217 218 /* http://www.iana.org/assignments/ipv6-interface-ids/ipv6-interface-ids.xhtml 219 * RFC5453 */ 220 static const struct reslowhigh { 221 const uint8_t high[8]; 222 const uint8_t low[8]; 223 } reslowhigh[] = { 224 /* RFC4291 + RFC6543 */ 225 { { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0x00, 0x00, 0x00 }, 226 { 0x02, 0x00, 0x5e, 0xff, 0xfe, 0xff, 0xff, 0xff } }, 227 /* RFC2526 */ 228 { { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 }, 229 { 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } } 230 }; 231 232 static int 233 ipv6_reserved(const struct in6_addr *addr) 234 { 235 uint64_t id, low, high; 236 size_t i; 237 const struct reslowhigh *r; 238 239 id = be64dec(addr->s6_addr + sizeof(id)); 240 if (id == 0) /* RFC4291 */ 241 return 1; 242 for (i = 0; i < sizeof(reslowhigh) / sizeof(reslowhigh[0]); i++) { 243 r = &reslowhigh[i]; 244 low = be64dec(r->low); 245 high = be64dec(r->high); 246 if (id >= low && id <= high) 247 return 1; 248 } 249 return 0; 250 } 251 252 /* RFC7217 */ 253 static int 254 ipv6_makestableprivate1(struct in6_addr *addr, 255 const struct in6_addr *prefix, int prefix_len, 256 const unsigned char *netiface, size_t netiface_len, 257 const unsigned char *netid, size_t netid_len, 258 unsigned short vlanid, 259 uint32_t *dad_counter, 260 const unsigned char *secret, size_t secret_len) 261 { 262 unsigned char buf[2048], *p, digest[SHA256_DIGEST_LENGTH]; 263 size_t len, l; 264 SHA256_CTX ctx; 265 266 if (prefix_len < 0 || prefix_len > 120) { 267 errno = EINVAL; 268 return -1; 269 } 270 271 l = (size_t)(ROUNDUP8(prefix_len) / NBBY); 272 len = l + netiface_len + netid_len + sizeof(*dad_counter) + secret_len; 273 if (vlanid != 0) 274 len += sizeof(vlanid); 275 if (len > sizeof(buf)) { 276 errno = ENOBUFS; 277 return -1; 278 } 279 280 for (;; (*dad_counter)++) { 281 /* Combine all parameters into one buffer */ 282 p = buf; 283 memcpy(p, prefix, l); 284 p += l; 285 memcpy(p, netiface, netiface_len); 286 p += netiface_len; 287 memcpy(p, netid, netid_len); 288 p += netid_len; 289 /* Don't use a vlanid if not set. 290 * This ensures prior versions have the same unique address. */ 291 if (vlanid != 0) { 292 memcpy(p, &vlanid, sizeof(vlanid)); 293 p += sizeof(vlanid); 294 } 295 memcpy(p, dad_counter, sizeof(*dad_counter)); 296 p += sizeof(*dad_counter); 297 memcpy(p, secret, secret_len); 298 299 /* Make an address using the digest of the above. 300 * RFC7217 Section 5.1 states that we shouldn't use MD5. 301 * Pity as we use that for HMAC-MD5 which is still deemed OK. 302 * SHA-256 is recommended */ 303 SHA256_Init(&ctx); 304 SHA256_Update(&ctx, buf, len); 305 SHA256_Final(digest, &ctx); 306 307 p = addr->s6_addr; 308 memcpy(p, prefix, l); 309 /* RFC7217 section 5.2 says we need to start taking the id from 310 * the least significant bit */ 311 len = sizeof(addr->s6_addr) - l; 312 memcpy(p + l, digest + (sizeof(digest) - len), len); 313 314 /* Ensure that the Interface ID does not match a reserved one, 315 * if it does then treat it as a DAD failure. 316 * RFC7217 section 5.2 */ 317 if (prefix_len != 64) 318 break; 319 if (!ipv6_reserved(addr)) 320 break; 321 } 322 323 return 0; 324 } 325 326 int 327 ipv6_makestableprivate(struct in6_addr *addr, 328 const struct in6_addr *prefix, int prefix_len, 329 const struct interface *ifp, 330 int *dad_counter) 331 { 332 uint32_t dad; 333 int r; 334 335 if (ifp->ctx->secret_len == 0) { 336 if (ipv6_readsecret(ifp->ctx) == -1) 337 return -1; 338 } 339 340 dad = (uint32_t)*dad_counter; 341 342 /* For our implementation, we shall set the hardware address 343 * as the interface identifier */ 344 r = ipv6_makestableprivate1(addr, prefix, prefix_len, 345 ifp->hwaddr, ifp->hwlen, 346 ifp->ssid, ifp->ssid_len, 347 ifp->vlanid, &dad, 348 ifp->ctx->secret, ifp->ctx->secret_len); 349 350 if (r == 0) 351 *dad_counter = (int)dad; 352 return r; 353 } 354 355 int 356 ipv6_makeaddr(struct in6_addr *addr, struct interface *ifp, 357 const struct in6_addr *prefix, int prefix_len) 358 { 359 const struct ipv6_addr *ap; 360 int dad; 361 362 if (prefix_len < 0 || prefix_len > 120) { 363 errno = EINVAL; 364 return -1; 365 } 366 367 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 368 dad = 0; 369 if (ipv6_makestableprivate(addr, 370 prefix, prefix_len, ifp, &dad) == -1) 371 return -1; 372 return dad; 373 } 374 375 if (prefix_len > 64) { 376 errno = EINVAL; 377 return -1; 378 } 379 if ((ap = ipv6_linklocal(ifp)) == NULL) { 380 /* We delay a few functions until we get a local-link address 381 * so this should never be hit. */ 382 errno = ENOENT; 383 return -1; 384 } 385 386 /* Make the address from the first local-link address */ 387 memcpy(addr, prefix, sizeof(*prefix)); 388 addr->s6_addr32[2] = ap->addr.s6_addr32[2]; 389 addr->s6_addr32[3] = ap->addr.s6_addr32[3]; 390 return 0; 391 } 392 393 static int 394 ipv6_makeprefix(struct in6_addr *prefix, const struct in6_addr *addr, int len) 395 { 396 int bytes, bits; 397 398 if (len < 0 || len > 128) { 399 errno = EINVAL; 400 return -1; 401 } 402 403 bytes = len / NBBY; 404 bits = len % NBBY; 405 memcpy(&prefix->s6_addr, &addr->s6_addr, (size_t)bytes); 406 if (bits != 0) { 407 /* Coverify false positive. 408 * bytelen cannot be 16 if bitlen is non zero */ 409 /* coverity[overrun-local] */ 410 prefix->s6_addr[bytes] = 411 (uint8_t)(prefix->s6_addr[bytes] >> (NBBY - bits)); 412 } 413 memset((char *)prefix->s6_addr + bytes, 0, 414 sizeof(prefix->s6_addr) - (size_t)bytes); 415 return 0; 416 } 417 418 int 419 ipv6_mask(struct in6_addr *mask, int len) 420 { 421 static const unsigned char masks[NBBY] = 422 { 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff }; 423 int bytes, bits, i; 424 425 if (len < 0 || len > 128) { 426 errno = EINVAL; 427 return -1; 428 } 429 430 memset(mask, 0, sizeof(*mask)); 431 bytes = len / NBBY; 432 bits = len % NBBY; 433 for (i = 0; i < bytes; i++) 434 mask->s6_addr[i] = 0xff; 435 if (bits != 0) { 436 /* Coverify false positive. 437 * bytelen cannot be 16 if bitlen is non zero */ 438 /* coverity[overrun-local] */ 439 mask->s6_addr[bytes] = masks[bits - 1]; 440 } 441 return 0; 442 } 443 444 uint8_t 445 ipv6_prefixlen(const struct in6_addr *mask) 446 { 447 int x = 0, y; 448 const unsigned char *lim, *p; 449 450 lim = (const unsigned char *)mask + sizeof(*mask); 451 for (p = (const unsigned char *)mask; p < lim; x++, p++) { 452 if (*p != 0xff) 453 break; 454 } 455 y = 0; 456 if (p < lim) { 457 for (y = 0; y < NBBY; y++) { 458 if ((*p & (0x80 >> y)) == 0) 459 break; 460 } 461 } 462 463 /* 464 * when the limit pointer is given, do a stricter check on the 465 * remaining bits. 466 */ 467 if (p < lim) { 468 if (y != 0 && (*p & (0x00ff >> y)) != 0) 469 return 0; 470 for (p = p + 1; p < lim; p++) 471 if (*p != 0) 472 return 0; 473 } 474 475 return (uint8_t)(x * NBBY + y); 476 } 477 478 static void 479 in6_to_h64(uint64_t *vhigh, uint64_t *vlow, const struct in6_addr *addr) 480 { 481 482 *vhigh = be64dec(addr->s6_addr); 483 *vlow = be64dec(addr->s6_addr + 8); 484 } 485 486 static void 487 h64_to_in6(struct in6_addr *addr, uint64_t vhigh, uint64_t vlow) 488 { 489 490 be64enc(addr->s6_addr, vhigh); 491 be64enc(addr->s6_addr + 8, vlow); 492 } 493 494 int 495 ipv6_userprefix( 496 const struct in6_addr *prefix, // prefix from router 497 short prefix_len, // length of prefix received 498 uint64_t user_number, // "random" number from user 499 struct in6_addr *result, // resultant prefix 500 short result_len) // desired prefix length 501 { 502 uint64_t vh, vl, user_low, user_high; 503 504 if (prefix_len < 1 || prefix_len > 128 || 505 result_len < 1 || result_len > 128) 506 { 507 errno = EINVAL; 508 return -1; 509 } 510 511 /* Check that the user_number fits inside result_len less prefix_len */ 512 if (result_len < prefix_len || 513 fls64(user_number) > result_len - prefix_len) 514 { 515 errno = ERANGE; 516 return -1; 517 } 518 519 /* If user_number is zero, just copy the prefix into the result. */ 520 if (user_number == 0) { 521 *result = *prefix; 522 return 0; 523 } 524 525 /* Shift user_number so it fit's just inside result_len. 526 * Shifting by 0 or sizeof(user_number) is undefined, 527 * so we cater for that. */ 528 if (result_len == 128) { 529 user_high = 0; 530 user_low = user_number; 531 } else if (result_len > 64) { 532 if (prefix_len >= 64) 533 user_high = 0; 534 else 535 user_high = user_number >> (result_len - prefix_len); 536 user_low = user_number << (128 - result_len); 537 } else if (result_len == 64) { 538 user_high = user_number; 539 user_low = 0; 540 } else { 541 user_high = user_number << (64 - result_len); 542 user_low = 0; 543 } 544 545 /* convert to two 64bit host order values */ 546 in6_to_h64(&vh, &vl, prefix); 547 548 vh |= user_high; 549 vl |= user_low; 550 551 /* copy back result */ 552 h64_to_in6(result, vh, vl); 553 554 return 0; 555 } 556 557 #ifdef IPV6_POLLADDRFLAG 558 void 559 ipv6_checkaddrflags(void *arg) 560 { 561 struct ipv6_addr *ia; 562 int flags; 563 const char *alias; 564 565 ia = arg; 566 #ifdef ALIAS_ADDR 567 alias = ia->alias; 568 #else 569 alias = NULL; 570 #endif 571 if ((flags = if_addrflags6(ia->iface, &ia->addr, alias)) == -1) { 572 if (errno != EEXIST && errno != EADDRNOTAVAIL) 573 logerr("%s: if_addrflags6", __func__); 574 return; 575 } 576 577 if (!(flags & IN6_IFF_TENTATIVE)) { 578 /* Simulate the kernel announcing the new address. */ 579 ipv6_handleifa(ia->iface->ctx, RTM_NEWADDR, 580 ia->iface->ctx->ifaces, ia->iface->name, 581 &ia->addr, ia->prefix_len, flags, 0); 582 } else { 583 /* Still tentative? Check again in a bit. */ 584 struct timespec tv; 585 586 ms_to_ts(&tv, RETRANS_TIMER / 2); 587 eloop_timeout_add_tv(ia->iface->ctx->eloop, &tv, 588 ipv6_checkaddrflags, ia); 589 } 590 } 591 #endif 592 593 static void 594 ipv6_deletedaddr(struct ipv6_addr *ia) 595 { 596 597 #ifdef SMALL 598 UNUSED(ia); 599 #else 600 /* NOREJECT is set if we delegated exactly the prefix to another 601 * address. 602 * This can only be one address, so just clear the flag. 603 * This should ensure the reject route will be restored. */ 604 if (ia->delegating_prefix != NULL) 605 ia->delegating_prefix->flags &= ~IPV6_AF_NOREJECT; 606 #endif 607 } 608 609 void 610 ipv6_deleteaddr(struct ipv6_addr *ia) 611 { 612 struct ipv6_state *state; 613 struct ipv6_addr *ap; 614 615 loginfox("%s: deleting address %s", ia->iface->name, ia->saddr); 616 if (if_address6(RTM_DELADDR, ia) == -1 && 617 errno != EADDRNOTAVAIL && errno != ESRCH && 618 errno != ENXIO && errno != ENODEV) 619 logerr(__func__); 620 621 ipv6_deletedaddr(ia); 622 623 state = IPV6_STATE(ia->iface); 624 TAILQ_FOREACH(ap, &state->addrs, next) { 625 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ia->addr)) { 626 TAILQ_REMOVE(&state->addrs, ap, next); 627 ipv6_freeaddr(ap); 628 break; 629 } 630 } 631 } 632 633 static int 634 ipv6_addaddr1(struct ipv6_addr *ia, const struct timespec *now) 635 { 636 struct interface *ifp; 637 struct ipv6_state *state; 638 struct ipv6_addr *ia2; 639 uint32_t pltime, vltime; 640 __printflike(1, 2) void (*logfunc)(const char *, ...); 641 642 /* Ensure no other interface has this address */ 643 TAILQ_FOREACH(ifp, ia->iface->ctx->ifaces, next) { 644 if (ifp == ia->iface) 645 continue; 646 state = IPV6_STATE(ifp); 647 if (state == NULL) 648 continue; 649 TAILQ_FOREACH(ia2, &state->addrs, next) { 650 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) { 651 ipv6_deleteaddr(ia2); 652 break; 653 } 654 } 655 } 656 657 /* Remember the interface of the address. */ 658 ifp = ia->iface; 659 660 if (!(ia->flags & IPV6_AF_DADCOMPLETED) && 661 ipv6_iffindaddr(ifp, &ia->addr, IN6_IFF_NOTUSEABLE)) 662 ia->flags |= IPV6_AF_DADCOMPLETED; 663 664 /* Adjust plftime and vltime based on acquired time */ 665 pltime = ia->prefix_pltime; 666 vltime = ia->prefix_vltime; 667 if (timespecisset(&ia->acquired) && 668 (ia->prefix_pltime != ND6_INFINITE_LIFETIME || 669 ia->prefix_vltime != ND6_INFINITE_LIFETIME)) 670 { 671 struct timespec n; 672 673 if (now == NULL) { 674 clock_gettime(CLOCK_MONOTONIC, &n); 675 now = &n; 676 } 677 timespecsub(now, &ia->acquired, &n); 678 if (ia->prefix_pltime != ND6_INFINITE_LIFETIME) { 679 ia->prefix_pltime -= (uint32_t)n.tv_sec; 680 /* This can happen when confirming a 681 * deprecated but still valid lease. */ 682 if (ia->prefix_pltime > pltime) 683 ia->prefix_pltime = 0; 684 } 685 if (ia->prefix_vltime != ND6_INFINITE_LIFETIME) { 686 ia->prefix_vltime -= (uint32_t)n.tv_sec; 687 /* This should never happen. */ 688 if (ia->prefix_vltime > vltime) { 689 logerrx("%s: %s: lifetime overflow", 690 ifp->name, ia->saddr); 691 ia->prefix_vltime = ia->prefix_pltime = 0; 692 } 693 } 694 } 695 696 logfunc = ia->flags & IPV6_AF_NEW ? loginfox : logdebugx; 697 logfunc("%s: adding %saddress %s", ifp->name, 698 #ifdef IPV6_AF_TEMPORARY 699 ia->flags & IPV6_AF_TEMPORARY ? "temporary " : "", 700 #else 701 "", 702 #endif 703 ia->saddr); 704 if (ia->prefix_pltime == ND6_INFINITE_LIFETIME && 705 ia->prefix_vltime == ND6_INFINITE_LIFETIME) 706 logdebugx("%s: pltime infinity, vltime infinity", 707 ifp->name); 708 else if (ia->prefix_pltime == ND6_INFINITE_LIFETIME) 709 logdebugx("%s: pltime infinity, vltime %"PRIu32" seconds", 710 ifp->name, ia->prefix_vltime); 711 else if (ia->prefix_vltime == ND6_INFINITE_LIFETIME) 712 logdebugx("%s: pltime %"PRIu32"seconds, vltime infinity", 713 ifp->name, ia->prefix_pltime); 714 else 715 logdebugx("%s: pltime %"PRIu32" seconds, vltime %"PRIu32 716 " seconds", 717 ifp->name, ia->prefix_pltime, ia->prefix_vltime); 718 719 720 if (if_address6(RTM_NEWADDR, ia) == -1) { 721 logerr(__func__); 722 /* Restore real pltime and vltime */ 723 ia->prefix_pltime = pltime; 724 ia->prefix_vltime = vltime; 725 return -1; 726 } 727 728 #ifdef IPV6_MANAGETEMPADDR 729 /* RFC4941 Section 3.4 */ 730 if (ia->flags & IPV6_AF_TEMPORARY && 731 ia->prefix_pltime && 732 ia->prefix_vltime && 733 ip6_use_tempaddr(ifp->name)) 734 eloop_timeout_add_sec(ifp->ctx->eloop, 735 (time_t)ia->prefix_pltime - REGEN_ADVANCE, 736 ipv6_regentempaddr, ia); 737 #endif 738 739 /* Restore real pltime and vltime */ 740 ia->prefix_pltime = pltime; 741 ia->prefix_vltime = vltime; 742 743 ia->flags &= ~IPV6_AF_NEW; 744 ia->flags |= IPV6_AF_ADDED; 745 #ifndef SMALL 746 if (ia->delegating_prefix != NULL) 747 ia->flags |= IPV6_AF_DELEGATED; 748 #endif 749 750 #ifdef IPV6_POLLADDRFLAG 751 eloop_timeout_delete(ifp->ctx->eloop, 752 ipv6_checkaddrflags, ia); 753 if (!(ia->flags & IPV6_AF_DADCOMPLETED)) { 754 struct timespec tv; 755 756 ms_to_ts(&tv, RETRANS_TIMER / 2); 757 eloop_timeout_add_tv(ifp->ctx->eloop, 758 &tv, ipv6_checkaddrflags, ia); 759 } 760 #endif 761 762 #ifdef __sun 763 /* Solaris does not announce new addresses which need DaD 764 * so we need to take a copy and add it to our list. 765 * Otherwise aliasing gets confused if we add another 766 * address during DaD. */ 767 768 state = IPV6_STATE(ifp); 769 TAILQ_FOREACH(ia2, &state->addrs, next) { 770 if (IN6_ARE_ADDR_EQUAL(&ia2->addr, &ia->addr)) 771 break; 772 } 773 if (ia2 == NULL) { 774 if ((ia2 = malloc(sizeof(*ia2))) == NULL) { 775 logerr(__func__); 776 return 0; /* Well, we did add the address */ 777 } 778 memcpy(ia2, ia, sizeof(*ia2)); 779 TAILQ_INSERT_TAIL(&state->addrs, ia2, next); 780 } 781 #endif 782 783 return 0; 784 } 785 786 #ifdef ALIAS_ADDR 787 /* Find the next logical aliase address we can use. */ 788 static int 789 ipv6_aliasaddr(struct ipv6_addr *ia, struct ipv6_addr **repl) 790 { 791 struct ipv6_state *state; 792 struct ipv6_addr *iap; 793 unsigned int unit; 794 char alias[IF_NAMESIZE]; 795 796 if (ia->alias[0] != '\0') 797 return 0; 798 state = IPV6_STATE(ia->iface); 799 800 /* First find an existng address. 801 * This can happen when dhcpcd restarts as ND and DHCPv6 802 * maintain their own lists of addresses. */ 803 TAILQ_FOREACH(iap, &state->addrs, next) { 804 if (iap->alias[0] != '\0' && 805 IN6_ARE_ADDR_EQUAL(&iap->addr, &ia->addr)) 806 { 807 strlcpy(ia->alias, iap->alias, sizeof(ia->alias)); 808 return 0; 809 } 810 } 811 812 unit = 0; 813 find_unit: 814 if (unit == 0) 815 strlcpy(alias, ia->iface->name, sizeof(alias)); 816 else 817 snprintf(alias, sizeof(alias), "%s:%u", ia->iface->name, unit); 818 TAILQ_FOREACH(iap, &state->addrs, next) { 819 if (iap->alias[0] == '\0') 820 continue; 821 if (IN6_IS_ADDR_UNSPECIFIED(&iap->addr)) { 822 /* No address assigned? Lets use it. */ 823 strlcpy(ia->alias, iap->alias, sizeof(ia->alias)); 824 if (repl) 825 *repl = iap; 826 return 1; 827 } 828 if (strcmp(iap->alias, alias) == 0) 829 break; 830 } 831 832 if (iap != NULL) { 833 if (unit == UINT_MAX) { 834 errno = ERANGE; 835 return -1; 836 } 837 unit++; 838 goto find_unit; 839 } 840 841 strlcpy(ia->alias, alias, sizeof(ia->alias)); 842 return 0; 843 } 844 #endif 845 846 int 847 ipv6_addaddr(struct ipv6_addr *ia, const struct timespec *now) 848 { 849 int r; 850 #ifdef ALIAS_ADDR 851 int replaced, blank; 852 struct ipv6_addr *replaced_ia; 853 854 blank = (ia->alias[0] == '\0'); 855 if ((replaced = ipv6_aliasaddr(ia, &replaced_ia)) == -1) 856 return -1; 857 if (blank) 858 logdebugx("%s: aliased %s", ia->alias, ia->saddr); 859 #endif 860 861 if ((r = ipv6_addaddr1(ia, now)) == 0) { 862 #ifdef ALIAS_ADDR 863 if (replaced) { 864 struct ipv6_state *state; 865 866 state = IPV6_STATE(ia->iface); 867 TAILQ_REMOVE(&state->addrs, replaced_ia, next); 868 ipv6_freeaddr(replaced_ia); 869 } 870 #endif 871 } 872 return r; 873 } 874 875 int 876 ipv6_findaddrmatch(const struct ipv6_addr *addr, const struct in6_addr *match, 877 unsigned int flags) 878 { 879 880 if (match == NULL) { 881 if ((addr->flags & 882 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) == 883 (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED)) 884 return 1; 885 } else if (addr->prefix_vltime && 886 IN6_ARE_ADDR_EQUAL(&addr->addr, match) && 887 (!flags || addr->flags & flags)) 888 return 1; 889 890 return 0; 891 } 892 893 struct ipv6_addr * 894 ipv6_findaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr, unsigned int flags) 895 { 896 struct ipv6_addr *dap, *nap; 897 898 dap = dhcp6_findaddr(ctx, addr, flags); 899 nap = ipv6nd_findaddr(ctx, addr, flags); 900 if (!dap && !nap) 901 return NULL; 902 if (dap && !nap) 903 return dap; 904 if (nap && !dap) 905 return nap; 906 if (nap->iface->metric < dap->iface->metric) 907 return nap; 908 return dap; 909 } 910 911 ssize_t 912 ipv6_addaddrs(struct ipv6_addrhead *addrs) 913 { 914 struct ipv6_addr *ap, *apn, *apf; 915 ssize_t i; 916 struct timespec now; 917 918 i = 0; 919 timespecclear(&now); 920 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) { 921 /* A delegated prefix is not an address. */ 922 if (ap->flags & IPV6_AF_DELEGATEDPFX) 923 continue; 924 if (ap->prefix_vltime == 0) { 925 if (ap->flags & IPV6_AF_ADDED) { 926 ipv6_deleteaddr(ap); 927 i++; 928 } 929 eloop_q_timeout_delete(ap->iface->ctx->eloop, 930 0, NULL, ap); 931 if (ap->flags & IPV6_AF_REQUEST) { 932 ap->flags &= ~IPV6_AF_ADDED; 933 } else { 934 TAILQ_REMOVE(addrs, ap, next); 935 ipv6_freeaddr(ap); 936 } 937 } else if (!(ap->flags & IPV6_AF_STALE) && 938 !IN6_IS_ADDR_UNSPECIFIED(&ap->addr)) 939 { 940 apf = ipv6_findaddr(ap->iface->ctx, 941 &ap->addr, IPV6_AF_ADDED); 942 if (apf && apf->iface != ap->iface) { 943 if (apf->iface->metric <= ap->iface->metric) { 944 loginfox("%s: preferring %s on %s", 945 ap->iface->name, 946 ap->saddr, 947 apf->iface->name); 948 continue; 949 } 950 loginfox("%s: preferring %s on %s", 951 apf->iface->name, 952 ap->saddr, 953 ap->iface->name); 954 if (if_address6(RTM_DELADDR, apf) == -1 && 955 errno != EADDRNOTAVAIL && errno != ENXIO) 956 logerr(__func__); 957 apf->flags &= 958 ~(IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED); 959 } else if (apf) 960 apf->flags &= ~IPV6_AF_ADDED; 961 if (ap->flags & IPV6_AF_NEW) 962 i++; 963 if (!timespecisset(&now)) 964 clock_gettime(CLOCK_MONOTONIC, &now); 965 ipv6_addaddr(ap, &now); 966 } 967 } 968 969 return i; 970 } 971 972 void 973 ipv6_freeaddr(struct ipv6_addr *ia) 974 { 975 #ifndef SMALL 976 struct ipv6_addr *iad; 977 978 /* Forget the reference */ 979 if (ia->flags & IPV6_AF_DELEGATEDPFX) { 980 TAILQ_FOREACH(iad, &ia->pd_pfxs, pd_next) { 981 iad->delegating_prefix = NULL; 982 } 983 } else if (ia->delegating_prefix != NULL) { 984 TAILQ_REMOVE(&ia->delegating_prefix->pd_pfxs, ia, pd_next); 985 } 986 #endif 987 988 if (ia->dhcp6_fd != -1) { 989 close(ia->dhcp6_fd); 990 eloop_event_delete(ia->iface->ctx->eloop, ia->dhcp6_fd); 991 } 992 993 eloop_q_timeout_delete(ia->iface->ctx->eloop, 0, NULL, ia); 994 free(ia); 995 } 996 997 void 998 ipv6_freedrop_addrs(struct ipv6_addrhead *addrs, int drop, 999 const struct interface *ifd) 1000 { 1001 struct ipv6_addr *ap, *apn, *apf; 1002 struct timespec now; 1003 1004 #ifdef SMALL 1005 UNUSED(ifd); 1006 #endif 1007 timespecclear(&now); 1008 TAILQ_FOREACH_SAFE(ap, addrs, next, apn) { 1009 #ifndef SMALL 1010 if (ifd != NULL && 1011 (ap->delegating_prefix == NULL || 1012 ap->delegating_prefix->iface != ifd)) 1013 continue; 1014 #endif 1015 if (drop != 2) 1016 TAILQ_REMOVE(addrs, ap, next); 1017 if (drop && ap->flags & IPV6_AF_ADDED && 1018 (ap->iface->options->options & 1019 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) != 1020 (DHCPCD_EXITING | DHCPCD_PERSISTENT)) 1021 { 1022 /* Don't drop link-local addresses. */ 1023 if (!IN6_IS_ADDR_LINKLOCAL(&ap->addr) || 1024 CAN_DROP_LLADDR(ap->iface)) 1025 { 1026 if (drop == 2) 1027 TAILQ_REMOVE(addrs, ap, next); 1028 /* Find the same address somewhere else */ 1029 apf = ipv6_findaddr(ap->iface->ctx, &ap->addr, 1030 0); 1031 if ((apf == NULL || 1032 (apf->iface != ap->iface))) 1033 ipv6_deleteaddr(ap); 1034 if (!(ap->iface->options->options & 1035 DHCPCD_EXITING) && apf) 1036 { 1037 if (!timespecisset(&now)) 1038 clock_gettime(CLOCK_MONOTONIC, 1039 &now); 1040 ipv6_addaddr(apf, &now); 1041 } 1042 if (drop == 2) 1043 ipv6_freeaddr(ap); 1044 } 1045 } 1046 if (drop != 2) 1047 ipv6_freeaddr(ap); 1048 } 1049 } 1050 1051 static struct ipv6_state * 1052 ipv6_getstate(struct interface *ifp) 1053 { 1054 struct ipv6_state *state; 1055 1056 state = IPV6_STATE(ifp); 1057 if (state == NULL) { 1058 ifp->if_data[IF_DATA_IPV6] = calloc(1, sizeof(*state)); 1059 state = IPV6_STATE(ifp); 1060 if (state == NULL) { 1061 logerr(__func__); 1062 return NULL; 1063 } 1064 TAILQ_INIT(&state->addrs); 1065 TAILQ_INIT(&state->ll_callbacks); 1066 1067 /* Regenerate new ids */ 1068 if (ifp->options && 1069 ip6_use_tempaddr(ifp->name)) 1070 ipv6_regentempifid(ifp); 1071 } 1072 return state; 1073 } 1074 1075 void 1076 ipv6_handleifa(struct dhcpcd_ctx *ctx, 1077 int cmd, struct if_head *ifs, const char *ifname, 1078 const struct in6_addr *addr, uint8_t prefix_len, int addrflags, pid_t pid) 1079 { 1080 struct interface *ifp; 1081 struct ipv6_state *state; 1082 struct ipv6_addr *ia; 1083 struct ll_callback *cb; 1084 1085 #if 0 1086 char dbuf[INET6_ADDRSTRLEN]; 1087 const char *dbp; 1088 1089 dbp = inet_ntop(AF_INET6, &addr->s6_addr, 1090 dbuf, INET6_ADDRSTRLEN); 1091 loginfox("%s: cmd %d addr %s", 1092 ifname, cmd, dbp); 1093 #endif 1094 1095 if (ifs == NULL) 1096 ifs = ctx->ifaces; 1097 if (ifs == NULL) 1098 return; 1099 if ((ifp = if_find(ifs, ifname)) == NULL) 1100 return; 1101 if ((state = ipv6_getstate(ifp)) == NULL) 1102 return; 1103 1104 TAILQ_FOREACH(ia, &state->addrs, next) { 1105 if (IN6_ARE_ADDR_EQUAL(&ia->addr, addr)) 1106 break; 1107 } 1108 1109 switch (cmd) { 1110 case RTM_DELADDR: 1111 if (ia != NULL) { 1112 TAILQ_REMOVE(&state->addrs, ia, next); 1113 /* We'll free it at the end of the function. */ 1114 } 1115 break; 1116 case RTM_NEWADDR: 1117 if (ia == NULL) { 1118 ia = ipv6_newaddr(ifp, addr, prefix_len, 0); 1119 #ifdef ALIAS_ADDR 1120 strlcpy(ia->alias, ifname, sizeof(ia->alias)); 1121 #endif 1122 if (if_getlifetime6(ia) == -1) { 1123 /* No support or address vanished. 1124 * Either way, just set a deprecated 1125 * infinite time lifetime and continue. 1126 * This is fine because we only want 1127 * to know this when trying to extend 1128 * temporary addresses. 1129 * As we can't extend infinite, we'll 1130 * create a new temporary address. */ 1131 ia->prefix_pltime = 0; 1132 ia->prefix_vltime = 1133 ND6_INFINITE_LIFETIME; 1134 } 1135 /* This is a minor regression against RFC 4941 1136 * because the kernel only knows when the 1137 * lifetimes were last updated, not when the 1138 * address was initially created. 1139 * Provided dhcpcd is not restarted, this 1140 * won't be a problem. 1141 * If we don't like it, we can always 1142 * pretend lifetimes are infinite and always 1143 * generate a new temporary address on 1144 * restart. */ 1145 ia->acquired = ia->created; 1146 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1147 } 1148 ia->addr_flags = addrflags; 1149 ia->flags &= ~IPV6_AF_STALE; 1150 #ifdef IPV6_MANAGETEMPADDR 1151 if (ia->addr_flags & IN6_IFF_TEMPORARY) 1152 ia->flags |= IPV6_AF_TEMPORARY; 1153 #endif 1154 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) || ia->dadcallback) { 1155 #ifdef IPV6_POLLADDRFLAG 1156 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1157 struct timespec tv; 1158 1159 ms_to_ts(&tv, RETRANS_TIMER / 2); 1160 eloop_timeout_add_tv( 1161 ia->iface->ctx->eloop, 1162 &tv, ipv6_checkaddrflags, ia); 1163 break; 1164 } 1165 #endif 1166 1167 if (ia->dadcallback) { 1168 ia->dadcallback(ia); 1169 if (ctx->options & DHCPCD_FORKED) 1170 goto out; 1171 } 1172 1173 if (IN6_IS_ADDR_LINKLOCAL(&ia->addr) && 1174 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1175 { 1176 /* Now run any callbacks. 1177 * Typically IPv6RS or DHCPv6 */ 1178 while ((cb = 1179 TAILQ_FIRST(&state->ll_callbacks))) 1180 { 1181 TAILQ_REMOVE( 1182 &state->ll_callbacks, 1183 cb, next); 1184 cb->callback(cb->arg); 1185 free(cb); 1186 if (ctx->options & DHCPCD_FORKED) 1187 goto out; 1188 } 1189 } 1190 } 1191 break; 1192 } 1193 1194 if (ia == NULL) 1195 return; 1196 1197 ipv6nd_handleifa(cmd, ia, pid); 1198 #ifdef DHCP6 1199 dhcp6_handleifa(cmd, ia, pid); 1200 #endif 1201 1202 out: 1203 /* Done with the ia now, so free it. */ 1204 if (cmd == RTM_DELADDR) 1205 ipv6_freeaddr(ia); 1206 } 1207 1208 int 1209 ipv6_hasaddr(const struct interface *ifp) 1210 { 1211 1212 if (ipv6nd_iffindaddr(ifp, NULL, 0) != NULL) 1213 return 1; 1214 if (dhcp6_iffindaddr(ifp, NULL, 0) != NULL) 1215 return 1; 1216 return 0; 1217 } 1218 1219 struct ipv6_addr * 1220 ipv6_iffindaddr(struct interface *ifp, const struct in6_addr *addr, 1221 int revflags) 1222 { 1223 struct ipv6_state *state; 1224 struct ipv6_addr *ap; 1225 1226 state = IPV6_STATE(ifp); 1227 if (state) { 1228 TAILQ_FOREACH(ap, &state->addrs, next) { 1229 if (addr == NULL) { 1230 if (IN6_IS_ADDR_LINKLOCAL(&ap->addr) && 1231 (!revflags || !(ap->addr_flags & revflags))) 1232 return ap; 1233 } else { 1234 if (IN6_ARE_ADDR_EQUAL(&ap->addr, addr) && 1235 (!revflags || !(ap->addr_flags & revflags))) 1236 return ap; 1237 } 1238 } 1239 } 1240 return NULL; 1241 } 1242 1243 static struct ipv6_addr * 1244 ipv6_iffindmaskaddr(const struct interface *ifp, const struct in6_addr *addr) 1245 { 1246 struct ipv6_state *state; 1247 struct ipv6_addr *ap; 1248 struct in6_addr mask; 1249 1250 state = IPV6_STATE(ifp); 1251 if (state) { 1252 TAILQ_FOREACH(ap, &state->addrs, next) { 1253 if (ipv6_mask(&mask, ap->prefix_len) == -1) 1254 continue; 1255 if (IN6_ARE_MASKED_ADDR_EQUAL(&ap->addr, addr, &mask)) 1256 return ap; 1257 } 1258 } 1259 return NULL; 1260 } 1261 1262 struct ipv6_addr * 1263 ipv6_findmaskaddr(struct dhcpcd_ctx *ctx, const struct in6_addr *addr) 1264 { 1265 struct interface *ifp; 1266 struct ipv6_addr *ap; 1267 1268 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1269 ap = ipv6_iffindmaskaddr(ifp, addr); 1270 if (ap != NULL) 1271 return ap; 1272 } 1273 return NULL; 1274 } 1275 1276 int 1277 ipv6_addlinklocalcallback(struct interface *ifp, 1278 void (*callback)(void *), void *arg) 1279 { 1280 struct ipv6_state *state; 1281 struct ll_callback *cb; 1282 1283 state = ipv6_getstate(ifp); 1284 TAILQ_FOREACH(cb, &state->ll_callbacks, next) { 1285 if (cb->callback == callback && cb->arg == arg) 1286 break; 1287 } 1288 if (cb == NULL) { 1289 cb = malloc(sizeof(*cb)); 1290 if (cb == NULL) { 1291 logerr(__func__); 1292 return -1; 1293 } 1294 cb->callback = callback; 1295 cb->arg = arg; 1296 TAILQ_INSERT_TAIL(&state->ll_callbacks, cb, next); 1297 } 1298 return 0; 1299 } 1300 1301 static struct ipv6_addr * 1302 ipv6_newlinklocal(struct interface *ifp) 1303 { 1304 struct ipv6_addr *ia; 1305 struct in6_addr in6; 1306 1307 memset(&in6, 0, sizeof(in6)); 1308 in6.s6_addr32[0] = htonl(0xfe800000); 1309 ia = ipv6_newaddr(ifp, &in6, 64, 0); 1310 if (ia != NULL) { 1311 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1312 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1313 } 1314 return ia; 1315 } 1316 1317 static const uint8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 1318 static const uint8_t allone[8] = 1319 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1320 1321 static int 1322 ipv6_addlinklocal(struct interface *ifp) 1323 { 1324 struct ipv6_state *state; 1325 struct ipv6_addr *ap, *ap2; 1326 int dadcounter; 1327 1328 /* Check sanity before malloc */ 1329 if (!(ifp->options->options & DHCPCD_SLAACPRIVATE)) { 1330 switch (ifp->family) { 1331 case ARPHRD_ETHER: 1332 /* Check for a valid hardware address */ 1333 if (ifp->hwlen != 6 && ifp->hwlen != 8) { 1334 errno = ENOTSUP; 1335 return -1; 1336 } 1337 if (memcmp(ifp->hwaddr, allzero, ifp->hwlen) == 0 || 1338 memcmp(ifp->hwaddr, allone, ifp->hwlen) == 0) 1339 { 1340 errno = EINVAL; 1341 return -1; 1342 } 1343 break; 1344 default: 1345 errno = ENOTSUP; 1346 return -1; 1347 } 1348 } 1349 1350 state = ipv6_getstate(ifp); 1351 if (state == NULL) 1352 return -1; 1353 1354 ap = ipv6_newlinklocal(ifp); 1355 if (ap == NULL) 1356 return -1; 1357 1358 dadcounter = 0; 1359 if (ifp->options->options & DHCPCD_SLAACPRIVATE) { 1360 nextslaacprivate: 1361 if (ipv6_makestableprivate(&ap->addr, 1362 &ap->prefix, ap->prefix_len, ifp, &dadcounter) == -1) 1363 { 1364 free(ap); 1365 return -1; 1366 } 1367 ap->dadcounter = dadcounter; 1368 } else { 1369 memcpy(ap->addr.s6_addr, ap->prefix.s6_addr, 8); 1370 switch (ifp->family) { 1371 case ARPHRD_ETHER: 1372 if (ifp->hwlen == 6) { 1373 ap->addr.s6_addr[ 8] = ifp->hwaddr[0]; 1374 ap->addr.s6_addr[ 9] = ifp->hwaddr[1]; 1375 ap->addr.s6_addr[10] = ifp->hwaddr[2]; 1376 ap->addr.s6_addr[11] = 0xff; 1377 ap->addr.s6_addr[12] = 0xfe; 1378 ap->addr.s6_addr[13] = ifp->hwaddr[3]; 1379 ap->addr.s6_addr[14] = ifp->hwaddr[4]; 1380 ap->addr.s6_addr[15] = ifp->hwaddr[5]; 1381 } else if (ifp->hwlen == 8) 1382 memcpy(&ap->addr.s6_addr[8], ifp->hwaddr, 8); 1383 else { 1384 free(ap); 1385 errno = ENOTSUP; 1386 return -1; 1387 } 1388 break; 1389 } 1390 1391 /* Sanity check: g bit must not indciate "group" */ 1392 if (EUI64_GROUP(&ap->addr)) { 1393 free(ap); 1394 errno = EINVAL; 1395 return -1; 1396 } 1397 EUI64_TO_IFID(&ap->addr); 1398 } 1399 1400 /* Do we already have this address? */ 1401 TAILQ_FOREACH(ap2, &state->addrs, next) { 1402 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &ap2->addr)) { 1403 if (ap2->addr_flags & IN6_IFF_DUPLICATED) { 1404 if (ifp->options->options & 1405 DHCPCD_SLAACPRIVATE) 1406 { 1407 dadcounter++; 1408 goto nextslaacprivate; 1409 } 1410 free(ap); 1411 errno = EADDRNOTAVAIL; 1412 return -1; 1413 } 1414 1415 logwarnx("%s: waiting for %s to complete", 1416 ap2->iface->name, ap2->saddr); 1417 free(ap); 1418 errno = EEXIST; 1419 return 0; 1420 } 1421 } 1422 1423 inet_ntop(AF_INET6, &ap->addr, ap->saddr, sizeof(ap->saddr)); 1424 TAILQ_INSERT_TAIL(&state->addrs, ap, next); 1425 ipv6_addaddr(ap, NULL); 1426 return 1; 1427 } 1428 1429 static int 1430 ipv6_tryaddlinklocal(struct interface *ifp) 1431 { 1432 struct ipv6_addr *ia; 1433 1434 /* We can't assign a link-locak address to this, 1435 * the ppp process has to. */ 1436 if (ifp->flags & IFF_POINTOPOINT) 1437 return 0; 1438 1439 ia = ipv6_iffindaddr(ifp, NULL, IN6_IFF_DUPLICATED); 1440 if (ia != NULL) { 1441 #ifdef IPV6_POLLADDRFLAG 1442 if (ia->addr_flags & IN6_IFF_TENTATIVE) { 1443 struct timespec tv; 1444 1445 ms_to_ts(&tv, RETRANS_TIMER / 2); 1446 eloop_timeout_add_tv( 1447 ia->iface->ctx->eloop, 1448 &tv, ipv6_checkaddrflags, ia); 1449 } 1450 #endif 1451 return 0; 1452 } 1453 if (!CAN_ADD_LLADDR(ifp)) 1454 return 0; 1455 1456 return ipv6_addlinklocal(ifp); 1457 } 1458 1459 struct ipv6_addr * 1460 ipv6_newaddr(struct interface *ifp, const struct in6_addr *addr, 1461 uint8_t prefix_len, unsigned int flags) 1462 { 1463 struct ipv6_addr *ia; 1464 char buf[INET6_ADDRSTRLEN]; 1465 const char *cbp; 1466 bool tempaddr; 1467 int addr_flags; 1468 1469 /* If adding a new DHCP / RA derived address, check current flags 1470 * from an existing address. */ 1471 ia = ipv6_iffindaddr(ifp, addr, 0); 1472 if (ia != NULL) 1473 addr_flags = ia->addr_flags; 1474 else 1475 addr_flags = IN6_IFF_TENTATIVE; 1476 1477 ia = calloc(1, sizeof(*ia)); 1478 if (ia == NULL) 1479 goto err; 1480 1481 ia->iface = ifp; 1482 ia->flags = IPV6_AF_NEW | flags; 1483 ia->addr_flags = addr_flags; 1484 ia->prefix_len = prefix_len; 1485 ia->dhcp6_fd = -1; 1486 1487 #ifdef IPV6_AF_TEMPORARY 1488 tempaddr = ia->flags & IPV6_AF_TEMPORARY; 1489 #else 1490 tempaddr = false; 1491 #endif 1492 1493 if (ia->flags & IPV6_AF_AUTOCONF && !tempaddr) { 1494 ia->prefix = *addr; 1495 ia->dadcounter = ipv6_makeaddr(&ia->addr, ifp, 1496 &ia->prefix, 1497 ia->prefix_len); 1498 if (ia->dadcounter == -1) 1499 goto err; 1500 } else if (ia->flags & IPV6_AF_RAPFX) { 1501 ia->prefix = *addr; 1502 return ia; 1503 } else if (ia->flags & (IPV6_AF_REQUEST | IPV6_AF_DELEGATEDPFX) && 1504 prefix_len != 128) 1505 { 1506 ia->prefix = *addr; 1507 cbp = inet_ntop(AF_INET6, &ia->prefix, buf, sizeof(buf)); 1508 goto paddr; 1509 } else { 1510 ia->addr = *addr; 1511 if (ipv6_makeprefix(&ia->prefix, 1512 &ia->addr, ia->prefix_len) == -1) 1513 goto err; 1514 } 1515 1516 cbp = inet_ntop(AF_INET6, &ia->addr, buf, sizeof(buf)); 1517 paddr: 1518 if (cbp == NULL) 1519 goto err; 1520 snprintf(ia->saddr, sizeof(ia->saddr), "%s/%d", cbp, ia->prefix_len); 1521 1522 return ia; 1523 1524 err: 1525 logerr(__func__); 1526 free(ia); 1527 return NULL; 1528 } 1529 1530 static void 1531 ipv6_staticdadcallback(void *arg) 1532 { 1533 struct ipv6_addr *ia = arg; 1534 int wascompleted; 1535 1536 wascompleted = (ia->flags & IPV6_AF_DADCOMPLETED); 1537 ia->flags |= IPV6_AF_DADCOMPLETED; 1538 if (ia->flags & IPV6_AF_DUPLICATED) 1539 logwarnx("%s: DAD detected %s", ia->iface->name, 1540 ia->saddr); 1541 else if (!wascompleted) { 1542 logdebugx("%s: IPv6 static DAD completed", 1543 ia->iface->name); 1544 } 1545 1546 #define FINISHED (IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1547 if (!wascompleted) { 1548 struct interface *ifp; 1549 struct ipv6_state *state; 1550 1551 ifp = ia->iface; 1552 state = IPV6_STATE(ifp); 1553 TAILQ_FOREACH(ia, &state->addrs, next) { 1554 if (ia->flags & IPV6_AF_STATIC && 1555 (ia->flags & FINISHED) != FINISHED) 1556 { 1557 wascompleted = 1; 1558 break; 1559 } 1560 } 1561 if (!wascompleted) 1562 script_runreason(ifp, "STATIC6"); 1563 } 1564 #undef FINISHED 1565 } 1566 1567 ssize_t 1568 ipv6_env(char **env, const char *prefix, const struct interface *ifp) 1569 { 1570 char **ep; 1571 ssize_t n; 1572 struct ipv6_addr *ia; 1573 1574 ep = env; 1575 n = 0; 1576 ia = ipv6_iffindaddr(UNCONST(ifp), &ifp->options->req_addr6, 1577 IN6_IFF_NOTUSEABLE); 1578 if (ia) { 1579 if (env) 1580 addvar(&ep, prefix, "ip6_address", ia->saddr); 1581 n++; 1582 } 1583 1584 return n; 1585 } 1586 1587 int 1588 ipv6_staticdadcompleted(const struct interface *ifp) 1589 { 1590 const struct ipv6_state *state; 1591 const struct ipv6_addr *ia; 1592 int n; 1593 1594 if ((state = IPV6_CSTATE(ifp)) == NULL) 1595 return 0; 1596 n = 0; 1597 #define COMPLETED (IPV6_AF_STATIC | IPV6_AF_ADDED | IPV6_AF_DADCOMPLETED) 1598 TAILQ_FOREACH(ia, &state->addrs, next) { 1599 if ((ia->flags & COMPLETED) == COMPLETED && 1600 !(ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1601 n++; 1602 } 1603 return n; 1604 } 1605 1606 int 1607 ipv6_startstatic(struct interface *ifp) 1608 { 1609 struct ipv6_addr *ia; 1610 int run_script; 1611 1612 if (IN6_IS_ADDR_UNSPECIFIED(&ifp->options->req_addr6)) 1613 return 0; 1614 1615 ia = ipv6_iffindaddr(ifp, &ifp->options->req_addr6, 0); 1616 if (ia != NULL && 1617 (ia->prefix_len != ifp->options->req_prefix_len || 1618 ia->addr_flags & IN6_IFF_NOTUSEABLE)) 1619 { 1620 ipv6_deleteaddr(ia); 1621 ia = NULL; 1622 } 1623 if (ia == NULL) { 1624 struct ipv6_state *state; 1625 1626 ia = ipv6_newaddr(ifp, &ifp->options->req_addr6, 1627 ifp->options->req_prefix_len, 0); 1628 if (ia == NULL) 1629 return -1; 1630 state = IPV6_STATE(ifp); 1631 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1632 run_script = 0; 1633 } else 1634 run_script = 1; 1635 ia->flags |= IPV6_AF_STATIC | IPV6_AF_ONLINK; 1636 ia->prefix_vltime = ND6_INFINITE_LIFETIME; 1637 ia->prefix_pltime = ND6_INFINITE_LIFETIME; 1638 ia->dadcallback = ipv6_staticdadcallback; 1639 ipv6_addaddr(ia, NULL); 1640 if_initrt(ifp->ctx, AF_INET6); 1641 rt_build(ifp->ctx, AF_INET6); 1642 if (run_script) 1643 script_runreason(ifp, "STATIC6"); 1644 return 1; 1645 } 1646 1647 /* Ensure the interface has a link-local address */ 1648 int 1649 ipv6_start(struct interface *ifp) 1650 { 1651 #ifdef IPV6_POLLADDRFLAG 1652 struct ipv6_state *state; 1653 1654 /* We need to update the address flags. */ 1655 if ((state = IPV6_STATE(ifp)) != NULL) { 1656 struct ipv6_addr *ia; 1657 const char *alias; 1658 int flags; 1659 1660 TAILQ_FOREACH(ia, &state->addrs, next) { 1661 #ifdef ALIAS_ADDR 1662 alias = ia->alias; 1663 #else 1664 alias = NULL; 1665 #endif 1666 flags = if_addrflags6(ia->iface, &ia->addr, alias); 1667 if (flags != -1) 1668 ia->addr_flags = flags; 1669 } 1670 } 1671 #endif 1672 1673 if (ipv6_tryaddlinklocal(ifp) == -1) 1674 return -1; 1675 1676 if (IPV6_CSTATE(ifp)) { 1677 /* Regenerate new ids */ 1678 if (ip6_use_tempaddr(ifp->name)) 1679 ipv6_regentempifid(ifp); 1680 } 1681 1682 /* Load existing routes */ 1683 if_initrt(ifp->ctx, AF_INET6); 1684 return 0; 1685 } 1686 1687 void 1688 ipv6_freedrop(struct interface *ifp, int drop) 1689 { 1690 struct ipv6_state *state; 1691 struct ll_callback *cb; 1692 1693 if (ifp == NULL) 1694 return; 1695 1696 if ((state = IPV6_STATE(ifp)) == NULL) 1697 return; 1698 1699 /* If we got here, we can get rid of any LL callbacks. */ 1700 while ((cb = TAILQ_FIRST(&state->ll_callbacks))) { 1701 TAILQ_REMOVE(&state->ll_callbacks, cb, next); 1702 free(cb); 1703 } 1704 1705 ipv6_freedrop_addrs(&state->addrs, drop ? 2 : 0, NULL); 1706 if (drop) { 1707 if (ifp->ctx->ra_routers != NULL) { 1708 if_initrt(ifp->ctx, AF_INET6); 1709 rt_build(ifp->ctx, AF_INET6); 1710 } 1711 } else { 1712 /* Because we need to cache the addresses we don't control, 1713 * we only free the state on when NOT dropping addresses. */ 1714 free(state); 1715 ifp->if_data[IF_DATA_IPV6] = NULL; 1716 eloop_timeout_delete(ifp->ctx->eloop, NULL, ifp); 1717 } 1718 } 1719 1720 void 1721 ipv6_ctxfree(struct dhcpcd_ctx *ctx) 1722 { 1723 1724 free(ctx->ra_routers); 1725 free(ctx->secret); 1726 } 1727 1728 int 1729 ipv6_handleifa_addrs(int cmd, 1730 struct ipv6_addrhead *addrs, const struct ipv6_addr *addr, pid_t pid) 1731 { 1732 struct ipv6_addr *ia, *ian; 1733 uint8_t found, alldadcompleted; 1734 1735 alldadcompleted = 1; 1736 found = 0; 1737 TAILQ_FOREACH_SAFE(ia, addrs, next, ian) { 1738 if (!IN6_ARE_ADDR_EQUAL(&addr->addr, &ia->addr)) { 1739 if (ia->flags & IPV6_AF_ADDED && 1740 !(ia->flags & IPV6_AF_DADCOMPLETED)) 1741 alldadcompleted = 0; 1742 continue; 1743 } 1744 switch (cmd) { 1745 case RTM_DELADDR: 1746 if (ia->flags & IPV6_AF_ADDED) { 1747 logwarnx("%s: pid %d deleted address %s", 1748 ia->iface->name, pid, ia->saddr); 1749 ia->flags &= ~IPV6_AF_ADDED; 1750 } 1751 if (ia->flags & IPV6_AF_DELEGATED) { 1752 TAILQ_REMOVE(addrs, ia, next); 1753 ipv6_deletedaddr(ia); 1754 ipv6_freeaddr(ia); 1755 } 1756 break; 1757 case RTM_NEWADDR: 1758 /* Safety - ignore tentative announcements */ 1759 if (addr->addr_flags & 1760 (IN6_IFF_DETACHED | IN6_IFF_TENTATIVE)) 1761 break; 1762 if ((ia->flags & IPV6_AF_DADCOMPLETED) == 0) { 1763 found++; 1764 if (addr->addr_flags & IN6_IFF_DUPLICATED) 1765 ia->flags |= IPV6_AF_DUPLICATED; 1766 else 1767 ia->flags &= ~IPV6_AF_DUPLICATED; 1768 if (ia->dadcallback) 1769 ia->dadcallback(ia); 1770 /* We need to set this here in-case the 1771 * dadcallback function checks it */ 1772 ia->flags |= IPV6_AF_DADCOMPLETED; 1773 } 1774 break; 1775 } 1776 } 1777 1778 return alldadcompleted ? found : 0; 1779 } 1780 1781 #ifdef IPV6_MANAGETEMPADDR 1782 static const struct ipv6_addr * 1783 ipv6_findaddrid(struct dhcpcd_ctx *ctx, uint8_t *addr) 1784 { 1785 const struct interface *ifp; 1786 const struct ipv6_state *state; 1787 const struct ipv6_addr *ia; 1788 1789 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 1790 if ((state = IPV6_CSTATE(ifp))) { 1791 TAILQ_FOREACH(ia, &state->addrs, next) { 1792 if (memcmp(&ia->addr.s6_addr[8], addr, 8) == 0) 1793 return ia; 1794 } 1795 } 1796 } 1797 return NULL; 1798 } 1799 1800 static const uint8_t nullid[8]; 1801 static const uint8_t anycastid[8] = { 1802 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80 }; 1803 static const uint8_t isatapid[4] = { 0x00, 0x00, 0x5e, 0xfe }; 1804 1805 static void 1806 ipv6_regen_desync(struct interface *ifp, int force) 1807 { 1808 struct ipv6_state *state; 1809 time_t max; 1810 1811 state = IPV6_STATE(ifp); 1812 1813 /* RFC4941 Section 5 states that DESYNC_FACTOR must never be 1814 * greater than TEMP_VALID_LIFETIME - REGEN_ADVANCE. 1815 * I believe this is an error and it should be never be greateter than 1816 * TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE. */ 1817 max = ip6_temp_preferred_lifetime(ifp->name) - REGEN_ADVANCE; 1818 if (state->desync_factor && !force && state->desync_factor < max) 1819 return; 1820 if (state->desync_factor == 0) 1821 state->desync_factor = 1822 (time_t)arc4random_uniform(MIN(MAX_DESYNC_FACTOR, 1823 (uint32_t)max)); 1824 max = ip6_temp_preferred_lifetime(ifp->name) - 1825 state->desync_factor - REGEN_ADVANCE; 1826 eloop_timeout_add_sec(ifp->ctx->eloop, max, ipv6_regentempifid, ifp); 1827 } 1828 1829 void 1830 ipv6_gentempifid(struct interface *ifp) 1831 { 1832 struct ipv6_state *state; 1833 MD5_CTX md5; 1834 uint8_t seed[16], digest[16]; 1835 int retry; 1836 1837 if ((state = IPV6_STATE(ifp)) == NULL) 1838 return; 1839 1840 retry = 0; 1841 if (memcmp(nullid, state->randomseed0, sizeof(nullid)) == 0) { 1842 uint32_t r; 1843 1844 r = arc4random(); 1845 memcpy(seed, &r, sizeof(r)); 1846 r = arc4random(); 1847 memcpy(seed + sizeof(r), &r, sizeof(r)); 1848 } else 1849 memcpy(seed, state->randomseed0, sizeof(state->randomseed0)); 1850 1851 memcpy(seed + sizeof(state->randomseed0), 1852 state->randomseed1, sizeof(state->randomseed1)); 1853 1854 again: 1855 MD5Init(&md5); 1856 MD5Update(&md5, seed, sizeof(seed)); 1857 MD5Final(digest, &md5); 1858 1859 /* RFC4941 Section 3.2.1.1 1860 * Take the left-most 64bits and set bit 6 to zero */ 1861 memcpy(state->randomid, digest, sizeof(state->randomid)); 1862 state->randomid[0] = (uint8_t)(state->randomid[0] & ~EUI64_UBIT); 1863 1864 /* RFC4941 Section 3.2.1.4 1865 * Reject reserved or existing id's */ 1866 if (memcmp(nullid, state->randomid, sizeof(nullid)) == 0 || 1867 (memcmp(anycastid, state->randomid, 7) == 0 && 1868 (anycastid[7] & state->randomid[7]) == anycastid[7]) || 1869 memcmp(isatapid, state->randomid, sizeof(isatapid)) == 0 || 1870 ipv6_findaddrid(ifp->ctx, state->randomid)) 1871 { 1872 if (++retry < GEN_TEMPID_RETRY_MAX) { 1873 memcpy(seed, digest + 8, 8); 1874 goto again; 1875 } 1876 memset(state->randomid, 0, sizeof(state->randomid)); 1877 } 1878 1879 /* RFC4941 Section 3.2.1.6 1880 * Save the right-most 64bits of the digest */ 1881 memcpy(state->randomseed0, digest + 8, 1882 sizeof(state->randomseed0)); 1883 } 1884 1885 /* RFC4941 Section 3.3.7 */ 1886 static void 1887 ipv6_tempdadcallback(void *arg) 1888 { 1889 struct ipv6_addr *ia = arg; 1890 1891 if (ia->flags & IPV6_AF_DUPLICATED) { 1892 struct ipv6_addr *ia1; 1893 struct timespec tv; 1894 1895 if (++ia->dadcounter == TEMP_IDGEN_RETRIES) { 1896 logerrx("%s: too many duplicate temporary addresses", 1897 ia->iface->name); 1898 return; 1899 } 1900 clock_gettime(CLOCK_MONOTONIC, &tv); 1901 if ((ia1 = ipv6_createtempaddr(ia, &tv)) == NULL) 1902 logerr(__func__); 1903 else 1904 ia1->dadcounter = ia->dadcounter; 1905 ipv6_deleteaddr(ia); 1906 if (ia1) 1907 ipv6_addaddr(ia1, &ia1->acquired); 1908 } 1909 } 1910 1911 struct ipv6_addr * 1912 ipv6_createtempaddr(struct ipv6_addr *ia0, const struct timespec *now) 1913 { 1914 struct ipv6_state *state; 1915 const struct ipv6_state *cstate; 1916 int genid; 1917 struct in6_addr addr, mask; 1918 uint32_t randid[2]; 1919 const struct interface *ifp; 1920 const struct ipv6_addr *ap; 1921 struct ipv6_addr *ia; 1922 uint32_t i, trylimit; 1923 1924 trylimit = TEMP_IDGEN_RETRIES; 1925 state = IPV6_STATE(ia0->iface); 1926 genid = 0; 1927 1928 addr = ia0->addr; 1929 ipv6_mask(&mask, ia0->prefix_len); 1930 /* clear the old ifid */ 1931 for (i = 0; i < 4; i++) 1932 addr.s6_addr32[i] &= mask.s6_addr32[i]; 1933 1934 again: 1935 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) 1936 genid = 1; 1937 if (genid) { 1938 memcpy(state->randomseed1, &ia0->addr.s6_addr[8], 1939 sizeof(state->randomseed1)); 1940 ipv6_gentempifid(ia0->iface); 1941 if (memcmp(state->randomid, nullid, sizeof(nullid)) == 0) { 1942 errno = EFAULT; 1943 return NULL; 1944 } 1945 } 1946 memcpy(&randid[0], state->randomid, sizeof(randid[0])); 1947 memcpy(&randid[1], state->randomid + sizeof(randid[1]), 1948 sizeof(randid[2])); 1949 addr.s6_addr32[2] |= randid[0] & ~mask.s6_addr32[2]; 1950 addr.s6_addr32[3] |= randid[1] & ~mask.s6_addr32[3]; 1951 1952 /* Ensure we don't already have it */ 1953 TAILQ_FOREACH(ifp, ia0->iface->ctx->ifaces, next) { 1954 cstate = IPV6_CSTATE(ifp); 1955 if (cstate) { 1956 TAILQ_FOREACH(ap, &cstate->addrs, next) { 1957 if (IN6_ARE_ADDR_EQUAL(&ap->addr, &addr)) { 1958 if (--trylimit == 0) { 1959 errno = EEXIST; 1960 return NULL; 1961 } 1962 genid = 1; 1963 goto again; 1964 } 1965 } 1966 } 1967 } 1968 1969 ia = ipv6_newaddr(ia0->iface, &addr, ia0->prefix_len, 1970 IPV6_AF_AUTOCONF | IPV6_AF_TEMPORARY); 1971 /* Must be made tentative, for our DaD to work */ 1972 ia->addr_flags = IN6_IFF_TENTATIVE; 1973 ia->dadcallback = ipv6_tempdadcallback; 1974 ia->created = ia->acquired = now ? *now : ia0->acquired; 1975 1976 /* Ensure desync is still valid */ 1977 ipv6_regen_desync(ia->iface, 0); 1978 1979 /* RFC4941 Section 3.3.4 */ 1980 i = (uint32_t)(ip6_temp_preferred_lifetime(ia0->iface->name) - 1981 state->desync_factor); 1982 ia->prefix_pltime = MIN(ia0->prefix_pltime, i); 1983 i = (uint32_t)ip6_temp_valid_lifetime(ia0->iface->name); 1984 ia->prefix_vltime = MIN(ia0->prefix_vltime, i); 1985 if (ia->prefix_pltime <= REGEN_ADVANCE || 1986 ia->prefix_pltime > ia0->prefix_vltime) 1987 { 1988 errno = EINVAL; 1989 free(ia); 1990 return NULL; 1991 } 1992 1993 TAILQ_INSERT_TAIL(&state->addrs, ia, next); 1994 return ia; 1995 } 1996 1997 struct ipv6_addr * 1998 ipv6_settemptime(struct ipv6_addr *ia, int flags) 1999 { 2000 struct ipv6_state *state; 2001 struct ipv6_addr *ap, *first; 2002 2003 state = IPV6_STATE(ia->iface); 2004 first = NULL; 2005 TAILQ_FOREACH_REVERSE(ap, &state->addrs, ipv6_addrhead, next) { 2006 if (ap->flags & IPV6_AF_TEMPORARY && 2007 ap->prefix_pltime && 2008 IN6_ARE_ADDR_EQUAL(&ia->prefix, &ap->prefix)) 2009 { 2010 time_t max, ext; 2011 2012 if (flags == 0) { 2013 if (ap->prefix_pltime - 2014 (uint32_t)(ia->acquired.tv_sec - 2015 ap->acquired.tv_sec) 2016 < REGEN_ADVANCE) 2017 continue; 2018 2019 return ap; 2020 } 2021 2022 if (!(ap->flags & IPV6_AF_ADDED)) 2023 ap->flags |= IPV6_AF_NEW | IPV6_AF_AUTOCONF; 2024 ap->flags &= ~IPV6_AF_STALE; 2025 2026 /* RFC4941 Section 3.4 2027 * Deprecated prefix, deprecate the temporary address */ 2028 if (ia->prefix_pltime == 0) { 2029 ap->prefix_pltime = 0; 2030 goto valid; 2031 } 2032 2033 /* Ensure desync is still valid */ 2034 ipv6_regen_desync(ap->iface, 0); 2035 2036 /* RFC4941 Section 3.3.2 2037 * Extend temporary times, but ensure that they 2038 * never last beyond the system limit. */ 2039 ext = ia->acquired.tv_sec + (time_t)ia->prefix_pltime; 2040 max = ap->created.tv_sec + 2041 ip6_temp_preferred_lifetime(ap->iface->name) - 2042 state->desync_factor; 2043 if (ext < max) 2044 ap->prefix_pltime = ia->prefix_pltime; 2045 else 2046 ap->prefix_pltime = 2047 (uint32_t)(max - ia->acquired.tv_sec); 2048 2049 valid: 2050 ext = ia->acquired.tv_sec + (time_t)ia->prefix_vltime; 2051 max = ap->created.tv_sec + 2052 ip6_temp_valid_lifetime(ap->iface->name); 2053 if (ext < max) 2054 ap->prefix_vltime = ia->prefix_vltime; 2055 else 2056 ap->prefix_vltime = 2057 (uint32_t)(max - ia->acquired.tv_sec); 2058 2059 /* Just extend the latest matching prefix */ 2060 ap->acquired = ia->acquired; 2061 2062 /* If extending return the last match as 2063 * it's the most current. 2064 * If deprecating, deprecate any other addresses we 2065 * may have, although this should not be needed */ 2066 if (ia->prefix_pltime) 2067 return ap; 2068 if (first == NULL) 2069 first = ap; 2070 } 2071 } 2072 return first; 2073 } 2074 2075 void 2076 ipv6_addtempaddrs(struct interface *ifp, const struct timespec *now) 2077 { 2078 struct ipv6_state *state; 2079 struct ipv6_addr *ia; 2080 2081 state = IPV6_STATE(ifp); 2082 TAILQ_FOREACH(ia, &state->addrs, next) { 2083 if (ia->flags & IPV6_AF_TEMPORARY && 2084 !(ia->flags & IPV6_AF_STALE)) 2085 ipv6_addaddr(ia, now); 2086 } 2087 } 2088 2089 static void 2090 ipv6_regentempaddr(void *arg) 2091 { 2092 struct ipv6_addr *ia = arg, *ia1; 2093 struct timespec tv; 2094 2095 logdebugx("%s: regen temp addr %s", ia->iface->name, ia->saddr); 2096 clock_gettime(CLOCK_MONOTONIC, &tv); 2097 ia1 = ipv6_createtempaddr(ia, &tv); 2098 if (ia1) 2099 ipv6_addaddr(ia1, &tv); 2100 else 2101 logerr(__func__); 2102 } 2103 2104 static void 2105 ipv6_regentempifid(void *arg) 2106 { 2107 struct interface *ifp = arg; 2108 struct ipv6_state *state; 2109 2110 state = IPV6_STATE(ifp); 2111 if (memcmp(state->randomid, nullid, sizeof(state->randomid))) 2112 ipv6_gentempifid(ifp); 2113 2114 ipv6_regen_desync(ifp, 1); 2115 } 2116 #endif /* IPV6_MANAGETEMPADDR */ 2117 2118 void 2119 ipv6_markaddrsstale(struct interface *ifp, unsigned int flags) 2120 { 2121 struct ipv6_state *state; 2122 struct ipv6_addr *ia; 2123 2124 state = IPV6_STATE(ifp); 2125 if (state == NULL) 2126 return; 2127 2128 TAILQ_FOREACH(ia, &state->addrs, next) { 2129 if (flags == 0 || ia->flags & flags) 2130 ia->flags |= IPV6_AF_STALE; 2131 } 2132 } 2133 2134 void 2135 ipv6_deletestaleaddrs(struct interface *ifp) 2136 { 2137 struct ipv6_state *state; 2138 struct ipv6_addr *ia, *ia1; 2139 2140 state = IPV6_STATE(ifp); 2141 if (state == NULL) 2142 return; 2143 2144 TAILQ_FOREACH_SAFE(ia, &state->addrs, next, ia1) { 2145 if (ia->flags & IPV6_AF_STALE) 2146 ipv6_handleifa(ifp->ctx, RTM_DELADDR, 2147 ifp->ctx->ifaces, ifp->name, 2148 &ia->addr, ia->prefix_len, 0, getpid()); 2149 } 2150 } 2151 2152 2153 static struct rt * 2154 inet6_makeroute(struct interface *ifp, const struct ra *rap) 2155 { 2156 struct rt *rt; 2157 2158 if ((rt = rt_new(ifp)) == NULL) 2159 return NULL; 2160 2161 #ifdef HAVE_ROUTE_METRIC 2162 rt->rt_metric = ifp->metric; 2163 #endif 2164 if (rap != NULL) 2165 rt->rt_mtu = rap->mtu; 2166 return rt; 2167 } 2168 2169 static struct rt * 2170 inet6_makeprefix(struct interface *ifp, const struct ra *rap, 2171 const struct ipv6_addr *addr) 2172 { 2173 struct rt *rt; 2174 struct in6_addr netmask; 2175 2176 if (addr == NULL || addr->prefix_len > 128) { 2177 errno = EINVAL; 2178 return NULL; 2179 } 2180 2181 /* There is no point in trying to manage a /128 prefix, 2182 * ones without a lifetime or ones not on link or delegated */ 2183 if (addr->prefix_len == 128 || 2184 addr->prefix_vltime == 0 || 2185 !(addr->flags & (IPV6_AF_ONLINK | IPV6_AF_DELEGATEDPFX))) 2186 return NULL; 2187 2188 /* Don't install a reject route when not creating bigger prefixes */ 2189 if (addr->flags & IPV6_AF_NOREJECT) 2190 return NULL; 2191 2192 /* This address is the delegated prefix, so add a reject route for 2193 * it via the loopback interface. */ 2194 if (addr->flags & IPV6_AF_DELEGATEDPFX) { 2195 struct interface *lo0; 2196 2197 TAILQ_FOREACH(lo0, ifp->ctx->ifaces, next) { 2198 if (lo0->flags & IFF_LOOPBACK) 2199 break; 2200 } 2201 if (lo0 == NULL) 2202 logwarnx("cannot find a loopback interface " 2203 "to reject via"); 2204 else 2205 ifp = lo0; 2206 } 2207 2208 if ((rt = inet6_makeroute(ifp, rap)) == NULL) 2209 return NULL; 2210 2211 sa_in6_init(&rt->rt_dest, &addr->prefix); 2212 ipv6_mask(&netmask, addr->prefix_len); 2213 sa_in6_init(&rt->rt_netmask, &netmask); 2214 if (addr->flags & IPV6_AF_DELEGATEDPFX) { 2215 rt->rt_flags |= RTF_REJECT; 2216 /* Linux does not like a gateway for a reject route. */ 2217 #ifndef __linux__ 2218 sa_in6_init(&rt->rt_gateway, &in6addr_loopback); 2219 #endif 2220 } else 2221 rt->rt_gateway.sa_family = AF_UNSPEC; 2222 sa_in6_init(&rt->rt_ifa, &addr->addr); 2223 return rt; 2224 } 2225 2226 static struct rt * 2227 inet6_makerouter(struct ra *rap) 2228 { 2229 struct rt *rt; 2230 2231 if ((rt = inet6_makeroute(rap->iface, rap)) == NULL) 2232 return NULL; 2233 sa_in6_init(&rt->rt_dest, &in6addr_any); 2234 sa_in6_init(&rt->rt_netmask, &in6addr_any); 2235 sa_in6_init(&rt->rt_gateway, &rap->from); 2236 return rt; 2237 } 2238 2239 #define RT_IS_DEFAULT(rtp) \ 2240 (IN6_ARE_ADDR_EQUAL(&((rtp)->dest), &in6addr_any) && \ 2241 IN6_ARE_ADDR_EQUAL(&((rtp)->mask), &in6addr_any)) 2242 2243 static int 2244 inet6_staticroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx) 2245 { 2246 struct interface *ifp; 2247 struct ipv6_state *state; 2248 struct ipv6_addr *ia; 2249 struct rt *rt; 2250 2251 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2252 if ((state = IPV6_STATE(ifp)) == NULL) 2253 continue; 2254 TAILQ_FOREACH(ia, &state->addrs, next) { 2255 if ((ia->flags & (IPV6_AF_ADDED | IPV6_AF_STATIC)) == 2256 (IPV6_AF_ADDED | IPV6_AF_STATIC)) 2257 { 2258 rt = inet6_makeprefix(ifp, NULL, ia); 2259 if (rt) 2260 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2261 } 2262 } 2263 } 2264 return 0; 2265 } 2266 2267 static int 2268 inet6_raroutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, int expired, 2269 bool *have_default) 2270 { 2271 struct rt *rt; 2272 struct ra *rap; 2273 const struct ipv6_addr *addr; 2274 2275 TAILQ_FOREACH(rap, ctx->ra_routers, next) { 2276 if (rap->expired != expired) 2277 continue; 2278 TAILQ_FOREACH(addr, &rap->addrs, next) { 2279 if (addr->prefix_vltime == 0) 2280 continue; 2281 rt = inet6_makeprefix(rap->iface, rap, addr); 2282 if (rt) { 2283 rt->rt_dflags |= RTDF_RA; 2284 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2285 } 2286 } 2287 if (rap->lifetime) { 2288 rt = inet6_makerouter(rap); 2289 if (rt) { 2290 rt->rt_dflags |= RTDF_RA; 2291 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2292 if (have_default) 2293 *have_default = true; 2294 } 2295 } 2296 } 2297 return 0; 2298 } 2299 2300 static int 2301 inet6_dhcproutes(struct rt_head *routes, struct dhcpcd_ctx *ctx, 2302 enum DH6S dstate) 2303 { 2304 struct interface *ifp; 2305 const struct dhcp6_state *d6_state; 2306 const struct ipv6_addr *addr; 2307 struct rt *rt; 2308 2309 TAILQ_FOREACH(ifp, ctx->ifaces, next) { 2310 d6_state = D6_CSTATE(ifp); 2311 if (d6_state && d6_state->state == dstate) { 2312 TAILQ_FOREACH(addr, &d6_state->addrs, next) { 2313 rt = inet6_makeprefix(ifp, NULL, addr); 2314 if (rt) { 2315 rt->rt_dflags |= RTDF_DHCP; 2316 TAILQ_INSERT_TAIL(routes, rt, rt_next); 2317 } 2318 } 2319 } 2320 } 2321 return 0; 2322 } 2323 2324 bool 2325 inet6_getroutes(struct dhcpcd_ctx *ctx, struct rt_head *routes) 2326 { 2327 bool have_default; 2328 2329 /* Should static take priority? */ 2330 if (inet6_staticroutes(routes, ctx) == -1) 2331 return false; 2332 2333 /* First add reachable routers and their prefixes */ 2334 have_default = false; 2335 if (inet6_raroutes(routes, ctx, 0, &have_default) == -1) 2336 return false; 2337 2338 /* We have no way of knowing if prefixes added by DHCP are reachable 2339 * or not, so we have to assume they are. 2340 * Add bound before delegated so we can prefer interfaces better */ 2341 if (inet6_dhcproutes(routes, ctx, DH6S_BOUND) == -1) 2342 return false; 2343 if (inet6_dhcproutes(routes, ctx, DH6S_DELEGATED) == -1) 2344 return false; 2345 2346 #ifdef HAVE_ROUTE_METRIC 2347 /* If we have an unreachable router, we really do need to remove the 2348 * route to it beause it could be a lower metric than a reachable 2349 * router. Of course, we should at least have some routers if all 2350 * are unreachable. */ 2351 if (!have_default) { 2352 #endif 2353 /* Add our non-reachable routers and prefixes 2354 * Unsure if this is needed, but it's a close match to kernel 2355 * behaviour */ 2356 if (inet6_raroutes(routes, ctx, 1, NULL) == -1) 2357 return false; 2358 #ifdef HAVE_ROUTE_METRIC 2359 } 2360 #endif 2361 2362 return true; 2363 } 2364